+ +

List Room API
Room Details API
Room Members API
Room State API
Block Room API
Delete Room API +
+
Make Room Admin API
Forward Extremities Admin API
Event Context API

List Room API

The List Room admin API allows server admins to get a list of rooms on their +server. There are various parameters available that allow for filtering and +sorting the returned list. This API supports pagination.

Parameters

The following query parameters are available:

+
from - Offset in the returned list. Defaults to 0.
+
+
limit - Maximum amount of rooms to return. Defaults to 100.
+
+
order_by - The method in which to sort the returned list of rooms. Valid values are:
+
- alphabetical - Same as name. This is deprecated.
- size - Same as joined_members. This is deprecated.
- name - Rooms are ordered alphabetically by room name. This is the default.
- canonical_alias - Rooms are ordered alphabetically by main alias address of the room.
- joined_members - Rooms are ordered by the number of members. Largest to smallest.
- joined_local_members - Rooms are ordered by the number of local members. Largest to smallest.
- version - Rooms are ordered by room version. Largest to smallest.
- creator - Rooms are ordered alphabetically by creator of the room.
- encryption - Rooms are ordered alphabetically by the end-to-end encryption algorithm.
- federatable - Rooms are ordered by whether the room is federatable.
- public - Rooms are ordered by visibility in room list.
- join_rules - Rooms are ordered alphabetically by join rules of the room.
- guest_access - Rooms are ordered alphabetically by guest access option of the room.
- history_visibility - Rooms are ordered alphabetically by visibility of history of the room.
- state_events - Rooms are ordered by number of state events. Largest to smallest.
+
+
dir - Direction of room order. Either f for forwards or b for backwards. Setting +this value to b will reverse the above sort order. Defaults to f.
+
+
search_term - Filter rooms by their room name, canonical alias and room id. +Specifically, rooms are selected if the search term is contained in
+
- the room's name,
- the local part of the room's canonical alias, or
- the complete (local and server part) room's id (case sensitive).
+
Defaults to no filtering.
+

Response

The following fields are possible in the JSON response body:

rooms - An array of objects, each containing information about a room. +
- Room objects contain the following fields: +
  - room_id - The ID of the room.
  - name - The name of the room.
  - canonical_alias - The canonical (main) alias address of the room.
  - joined_members - How many users are currently in the room.
  - joined_local_members - How many local users are currently in the room.
  - version - The version of the room as a string.
  - creator - The user_id of the room creator.
  - encryption - Algorithm of end-to-end encryption of messages. Is null if encryption is not active.
  - federatable - Whether users on other servers can join this room.
  - public - Whether the room is visible in room directory.
  - join_rules - The type of rules used for users wishing to join this room. One of: ["public", "knock", "invite", "private"].
  - guest_access - Whether guests can join the room. One of: ["can_join", "forbidden"].
  - history_visibility - Who can see the room history. One of: ["invited", "joined", "shared", "world_readable"].
  - state_events - Total number of state_events of a room. Complexity of the room.
  +
+
offset - The current pagination offset in rooms. This parameter should be +used instead of next_token for room offset as next_token is +not intended to be parsed.
total_rooms - The total number of rooms this query can return. Using this +and offset, you have enough information to know the current +progression through the list.
next_batch - If this field is present, we know that there are potentially +more rooms on the server that did not all fit into this response. +We can use next_batch to get the "next page" of results. To do +so, simply repeat your request, setting the from parameter to +the value of next_batch.
prev_batch - If this field is present, it is possible to paginate backwards. +Use prev_batch for the from value in the next request to +get the "previous page" of results.

The API is:

A standard request with no filtering:

GET /_synapse/admin/v1/rooms
+

A response body like the following is returned:

{
+  "rooms": [
+    {
+      "room_id": "!OGEhHVWSdvArJzumhm:matrix.org",
+      "name": "Matrix HQ",
+      "canonical_alias": "#matrix:matrix.org",
+      "joined_members": 8326,
+      "joined_local_members": 2,
+      "version": "1",
+      "creator": "@foo:matrix.org",
+      "encryption": null,
+      "federatable": true,
+      "public": true,
+      "join_rules": "invite",
+      "guest_access": null,
+      "history_visibility": "shared",
+      "state_events": 93534
+    },
+    ... (8 hidden items) ...
+    {
+      "room_id": "!xYvNcQPhnkrdUmYczI:matrix.org",
+      "name": "This Week In Matrix (TWIM)",
+      "canonical_alias": "#twim:matrix.org",
+      "joined_members": 314,
+      "joined_local_members": 20,
+      "version": "4",
+      "creator": "@foo:matrix.org",
+      "encryption": "m.megolm.v1.aes-sha2",
+      "federatable": true,
+      "public": false,
+      "join_rules": "invite",
+      "guest_access": null,
+      "history_visibility": "shared",
+      "state_events": 8345
+    }
+  ],
+  "offset": 0,
+  "total_rooms": 10
+}
+

Filtering by room name:

GET /_synapse/admin/v1/rooms?search_term=TWIM
+

A response body like the following is returned:

{
+  "rooms": [
+    {
+      "room_id": "!xYvNcQPhnkrdUmYczI:matrix.org",
+      "name": "This Week In Matrix (TWIM)",
+      "canonical_alias": "#twim:matrix.org",
+      "joined_members": 314,
+      "joined_local_members": 20,
+      "version": "4",
+      "creator": "@foo:matrix.org",
+      "encryption": "m.megolm.v1.aes-sha2",
+      "federatable": true,
+      "public": false,
+      "join_rules": "invite",
+      "guest_access": null,
+      "history_visibility": "shared",
+      "state_events": 8
+    }
+  ],
+  "offset": 0,
+  "total_rooms": 1
+}
+

Paginating through a list of rooms:

GET /_synapse/admin/v1/rooms?order_by=size
+

A response body like the following is returned:

{
+  "rooms": [
+    {
+      "room_id": "!OGEhHVWSdvArJzumhm:matrix.org",
+      "name": "Matrix HQ",
+      "canonical_alias": "#matrix:matrix.org",
+      "joined_members": 8326,
+      "joined_local_members": 2,
+      "version": "1",
+      "creator": "@foo:matrix.org",
+      "encryption": null,
+      "federatable": true,
+      "public": true,
+      "join_rules": "invite",
+      "guest_access": null,
+      "history_visibility": "shared",
+      "state_events": 93534
+    },
+    ... (98 hidden items) ...
+    {
+      "room_id": "!xYvNcQPhnkrdUmYczI:matrix.org",
+      "name": "This Week In Matrix (TWIM)",
+      "canonical_alias": "#twim:matrix.org",
+      "joined_members": 314,
+      "joined_local_members": 20,
+      "version": "4",
+      "creator": "@foo:matrix.org",
+      "encryption": "m.megolm.v1.aes-sha2",
+      "federatable": true,
+      "public": false,
+      "join_rules": "invite",
+      "guest_access": null,
+      "history_visibility": "shared",
+      "state_events": 8345
+    }
+  ],
+  "offset": 0,
+  "total_rooms": 150,
+  "next_token": 100
+}
+

The presence of the next_token parameter tells us that there are more rooms +than returned in this request, and we need to make another request to get them. +To get the next batch of room results, we repeat our request, setting the from +parameter to the value of next_token.

GET /_synapse/admin/v1/rooms?order_by=size&from=100
+

A response body like the following is returned:

{
+  "rooms": [
+    {
+      "room_id": "!mscvqgqpHYjBGDxNym:matrix.org",
+      "name": "Music Theory",
+      "canonical_alias": "#musictheory:matrix.org",
+      "joined_members": 127,
+      "joined_local_members": 2,
+      "version": "1",
+      "creator": "@foo:matrix.org",
+      "encryption": null,
+      "federatable": true,
+      "public": true,
+      "join_rules": "invite",
+      "guest_access": null,
+      "history_visibility": "shared",
+      "state_events": 93534
+    },
+    ... (48 hidden items) ...
+    {
+      "room_id": "!twcBhHVdZlQWuuxBhN:termina.org.uk",
+      "name": "weechat-matrix",
+      "canonical_alias": "#weechat-matrix:termina.org.uk",
+      "joined_members": 137,
+      "joined_local_members": 20,
+      "version": "4",
+      "creator": "@foo:termina.org.uk",
+      "encryption": null,
+      "federatable": true,
+      "public": true,
+      "join_rules": "invite",
+      "guest_access": null,
+      "history_visibility": "shared",
+      "state_events": 8345
+    }
+  ],
+  "offset": 100,
+  "prev_batch": 0,
+  "total_rooms": 150
+}
+

Once the next_token parameter is no longer present, we know we've reached the +end of the list.

Room Details API

The Room Details admin API allows server admins to get all details of a room.

The following fields are possible in the JSON response body:

room_id - The ID of the room.
name - The name of the room.
topic - The topic of the room.
avatar - The mxc URI to the avatar of the room.
canonical_alias - The canonical (main) alias address of the room.
joined_members - How many users are currently in the room.
joined_local_members - How many local users are currently in the room.
joined_local_devices - How many local devices are currently in the room.
version - The version of the room as a string.
creator - The user_id of the room creator.
encryption - Algorithm of end-to-end encryption of messages. Is null if encryption is not active.
federatable - Whether users on other servers can join this room.
public - Whether the room is visible in room directory.
join_rules - The type of rules used for users wishing to join this room. One of: ["public", "knock", "invite", "private"].
guest_access - Whether guests can join the room. One of: ["can_join", "forbidden"].
history_visibility - Who can see the room history. One of: ["invited", "joined", "shared", "world_readable"].
state_events - Total number of state_events of a room. Complexity of the room.

The API is:

GET /_synapse/admin/v1/rooms/<room_id>
+

A response body like the following is returned:

{
+  "room_id": "!mscvqgqpHYjBGDxNym:matrix.org",
+  "name": "Music Theory",
+  "avatar": "mxc://matrix.org/AQDaVFlbkQoErdOgqWRgiGSV",
+  "topic": "Theory, Composition, Notation, Analysis",
+  "canonical_alias": "#musictheory:matrix.org",
+  "joined_members": 127,
+  "joined_local_members": 2,
+  "joined_local_devices": 2,
+  "version": "1",
+  "creator": "@foo:matrix.org",
+  "encryption": null,
+  "federatable": true,
+  "public": true,
+  "join_rules": "invite",
+  "guest_access": null,
+  "history_visibility": "shared",
+  "state_events": 93534
+}
+

Room Members API

The Room Members admin API allows server admins to get a list of all members of a room.

The response includes the following fields:

members - A list of all the members that are present in the room, represented by their ids.
total - Total number of members in the room.

The API is:

GET /_synapse/admin/v1/rooms/<room_id>/members
+

A response body like the following is returned:

{
+  "members": [
+    "@foo:matrix.org",
+    "@bar:matrix.org",
+    "@foobar:matrix.org"
+  ],
+  "total": 3
+}
+

Room State API

The Room State admin API allows server admins to get a list of all state events in a room.

The response includes the following fields:

state - The current state of the room at the time of request.

The API is:

GET /_synapse/admin/v1/rooms/<room_id>/state
+

A response body like the following is returned:

{
+  "state": [
+    {"type": "m.room.create", "state_key": "", "etc": true},
+    {"type": "m.room.power_levels", "state_key": "", "etc": true},
+    {"type": "m.room.name", "state_key": "", "etc": true}
+  ]
+}
+

Block Room API

The Block Room admin API allows server admins to block and unblock rooms, +and query to see if a given room is blocked. +This API can be used to pre-emptively block a room, even if it's unknown to this +homeserver. Users will be prevented from joining a blocked room.

Block or unblock a room

The API is:

PUT /_synapse/admin/v1/rooms/<room_id>/block
+

with a body of:

{
+    "block": true
+}
+

A response body like the following is returned:

{
+    "block": true
+}
+

Parameters

The following parameters should be set in the URL:

room_id - The ID of the room.

The following JSON body parameters are available:

block - If true the room will be blocked and if false the room will be unblocked.

Response

The following fields are possible in the JSON response body:

block - A boolean. true if the room is blocked, otherwise false

Get block status

The API is:

GET /_synapse/admin/v1/rooms/<room_id>/block
+

A response body like the following is returned:

{
+    "block": true,
+    "user_id": "<user_id>"
+}
+

Parameters

The following parameters should be set in the URL:

room_id - The ID of the room.

Response

The following fields are possible in the JSON response body:

block - A boolean. true if the room is blocked, otherwise false
user_id - An optional string. If the room is blocked (block is true) shows +the user who has add the room to blocking list. Otherwise it is not displayed.

Delete Room API

The Delete Room admin API allows server admins to remove rooms from the server +and block these rooms.

Shuts down a room. Moves all local users and room aliases automatically to a +new room if new_room_user_id is set. Otherwise local users only +leave the room without any information.

The new room will be created with the user specified by the new_room_user_id parameter +as room administrator and will contain a message explaining what happened. Users invited +to the new room will have power level -10 by default, and thus be unable to speak.

If block is true, users will be prevented from joining the old room. +This option can in Version 1 also be used to pre-emptively +block a room, even if it's unknown to this homeserver. In this case, the room will be +blocked, and no further action will be taken. If block is false, attempting to +delete an unknown room is invalid and will be rejected as a bad request.

This API will remove all trace of the old room from your database after removing +all local users. If purge is true (the default), all traces of the old room will +be removed from your database after removing all local users. If you do not want +this to happen, set purge to false. +Depending on the amount of history being purged, a call to the API may take +several minutes or longer.

The local server will only have the power to move local user and room aliases to +the new room. Users on other servers will be unaffected.

To use it, you will need to authenticate by providing an access_token for a +server admin: see Admin API.

Version 1 (old version)

This version works synchronously. That means you only get the response once the server has +finished the action, which may take a long time. If you request the same action +a second time, and the server has not finished the first one, the second request will block. +This is fixed in version 2 of this API. The parameters are the same in both APIs. +This API will become deprecated in the future.

The API is:

DELETE /_synapse/admin/v1/rooms/<room_id>
+

with a body of:

{
+    "new_room_user_id": "@someuser:example.com",
+    "room_name": "Content Violation Notification",
+    "message": "Bad Room has been shutdown due to content violations on this server. Please review our Terms of Service.",
+    "block": true,
+    "purge": true
+}
+

A response body like the following is returned:

{
+    "kicked_users": [
+        "@foobar:example.com"
+    ],
+    "failed_to_kick_users": [],
+    "local_aliases": [
+        "#badroom:example.com",
+        "#evilsaloon:example.com"
+    ],
+    "new_room_id": "!newroomid:example.com"
+}
+

The parameters and response values have the same format as +version 2 of the API.

Version 2 (new version)

Note: This API is new, experimental and "subject to change".

This version works asynchronously, meaning you get the response from server immediately +while the server works on that task in background. You can then request the status of the action +to check if it has completed.

The API is:

DELETE /_synapse/admin/v2/rooms/<room_id>
+

with a body of:

{
+    "new_room_user_id": "@someuser:example.com",
+    "room_name": "Content Violation Notification",
+    "message": "Bad Room has been shutdown due to content violations on this server. Please review our Terms of Service.",
+    "block": true,
+    "purge": true
+}
+

The API starts the shut down and purge running, and returns immediately with a JSON body with +a purge id:

{
+    "delete_id": "<opaque id>"
+}
+

Parameters

The following parameters should be set in the URL:

room_id - The ID of the room.

The following JSON body parameters are available:

new_room_user_id - Optional. If set, a new room will be created with this user ID +as the creator and admin, and all users in the old room will be moved into that +room. If not set, no new room will be created and the users will just be removed +from the old room. The user ID must be on the local server, but does not necessarily +have to belong to a registered user.
room_name - Optional. A string representing the name of the room that new users will be +invited to. Defaults to Content Violation Notification
message - Optional. A string containing the first message that will be sent as +new_room_user_id in the new room. Ideally this will clearly convey why the +original room was shut down. Defaults to Sharing illegal content on this server is not permitted and rooms in violation will be blocked.
block - Optional. If set to true, this room will be added to a blocking list, +preventing future attempts to join the room. Rooms can be blocked +even if they're not yet known to the homeserver (only with +Version 1 of the API). Defaults to false.
purge - Optional. If set to true, it will remove all traces of the room from your database. +Defaults to true.
force_purge - Optional, and ignored unless purge is true. If set to true, it +will force a purge to go ahead even if there are local users still in the room. Do not +use this unless a regular purge operation fails, as it could leave those users' +clients in a confused state.

The JSON body must not be empty. The body must be at least {}.

Status of deleting rooms

Note: This API is new, experimental and "subject to change".

It is possible to query the status of the background task for deleting rooms. +The status can be queried up to 24 hours after completion of the task, +or until Synapse is restarted (whichever happens first).

Query by `room_id`

With this API you can get the status of all active deletion tasks, and all those completed in the last 24h, +for the given room_id.

The API is:

GET /_synapse/admin/v2/rooms/<room_id>/delete_status
+

A response body like the following is returned:

{
+    "results": [
+        {
+            "delete_id": "delete_id1",
+            "status": "failed",
+            "error": "error message",
+            "shutdown_room": {
+                "kicked_users": [],
+                "failed_to_kick_users": [],
+                "local_aliases": [],
+                "new_room_id": null
+            }
+        }, {
+            "delete_id": "delete_id2",
+            "status": "purging",
+            "shutdown_room": {
+                "kicked_users": [
+                    "@foobar:example.com"
+                ],
+                "failed_to_kick_users": [],
+                "local_aliases": [
+                    "#badroom:example.com",
+                    "#evilsaloon:example.com"
+                ],
+                "new_room_id": "!newroomid:example.com"
+            }
+        }
+    ]
+}
+

Parameters

The following parameters should be set in the URL:

room_id - The ID of the room.

Query by `delete_id`

With this API you can get the status of one specific task by delete_id.

The API is:

GET /_synapse/admin/v2/rooms/delete_status/<delete_id>
+

A response body like the following is returned:

{
+    "status": "purging",
+    "shutdown_room": {
+        "kicked_users": [
+            "@foobar:example.com"
+        ],
+        "failed_to_kick_users": [],
+        "local_aliases": [
+            "#badroom:example.com",
+            "#evilsaloon:example.com"
+        ],
+        "new_room_id": "!newroomid:example.com"
+    }
+}
+

Parameters

The following parameters should be set in the URL:

delete_id - The ID for this delete.

Response

The following fields are returned in the JSON response body:

results - An array of objects, each containing information about one task. +This field is omitted from the result when you query by delete_id. +Task objects contain the following fields: +
- delete_id - The ID for this purge if you query by room_id.
- status - The status will be one of: +
  - shutting_down - The process is removing users from the room.
  - purging - The process is purging the room and event data from database.
  - complete - The process has completed successfully.
  - failed - The process is aborted, an error has occurred.
  +
- error - A string that shows an error message if status is failed. +Otherwise this field is hidden.
- shutdown_room - An object containing information about the result of shutting down the room. +Note: The result is shown after removing the room members. +The delete process can still be running. Please pay attention to the status. +
  - kicked_users - An array of users (user_id) that were kicked.
  - failed_to_kick_users - An array of users (user_id) that that were not kicked.
  - local_aliases - An array of strings representing the local aliases that were +migrated from the old room to the new.
  - new_room_id - A string representing the room ID of the new room, or null if +no such room was created.
  +
+

Undoing room deletions

Note: This guide may be outdated by the time you read it. By nature of room deletions being performed at the database level, +the structure can and does change without notice.

First, it's important to understand that a room deletion is very destructive. Undoing a deletion is not as simple as pretending it +never happened - work has to be done to move forward instead of resetting the past. In fact, in some cases it might not be possible +to recover at all:

If the room was invite-only, your users will need to be re-invited.
If the room no longer has any members at all, it'll be impossible to rejoin.
The first user to rejoin will have to do so via an alias on a different +server (or receive an invite from a user on a different server).

With all that being said, if you still want to try and recover the room:

+
If the room was blocked, you must unblock it on your server. This can be +accomplished as follows:
+
1. For safety reasons, shut down Synapse.
2. In the database, run DELETE FROM blocked_rooms WHERE room_id = '!example:example.org'; +
  - For caution: it's recommended to run this in a transaction: BEGIN; DELETE ...;, verify you got 1 result, then COMMIT;.
  - The room ID is the same one supplied to the delete room API, not the Content Violation room.
  +
3. Restart Synapse.
+
This step is unnecessary if block was not set.
+
+
Any room aliases on your server that pointed to the deleted room may have +been deleted, or redirected to the Content Violation room. These will need +to be restored manually.
+
+
Users on your server that were in the deleted room will have been kicked +from the room. Consider whether you want to update their membership +(possibly via the Edit Room Membership API) or let +them handle rejoining themselves.
+
+
If new_room_user_id was given, a 'Content Violation' will have been +created. Consider whether you want to delete that roomm.
+

Make Room Admin API

Grants another user the highest power available to a local user who is in the room. +If the user is not in the room, and it is not publicly joinable, then invite the user.

By default the server admin (the caller) is granted power, but another user can +optionally be specified, e.g.:

POST /_synapse/admin/v1/rooms/<room_id_or_alias>/make_room_admin
+{
+    "user_id": "@foo:example.com"
+}
+

Forward Extremities Admin API

Enables querying and deleting forward extremities from rooms. When a lot of forward +extremities accumulate in a room, performance can become degraded. For details, see +#1760.

Check for forward extremities

To check the status of forward extremities for a room:

GET /_synapse/admin/v1/rooms/<room_id_or_alias>/forward_extremities
+

A response as follows will be returned:

{
+  "count": 1,
+  "results": [
+    {
+      "event_id": "$M5SP266vsnxctfwFgFLNceaCo3ujhRtg_NiiHabcdefgh",
+      "state_group": 439,
+      "depth": 123,
+      "received_ts": 1611263016761
+    }
+  ]
+}
+

Deleting forward extremities

WARNING: Please ensure you know what you're doing and have read +the related issue #1760. +Under no situations should this API be executed as an automated maintenance task!

If a room has lots of forward extremities, the extra can be +deleted as follows:

DELETE /_synapse/admin/v1/rooms/<room_id_or_alias>/forward_extremities
+

A response as follows will be returned, indicating the amount of forward extremities +that were deleted.

{
+  "deleted": 1
+}
+

Event Context API

This API lets a client find the context of an event. This is designed primarily to investigate abuse reports.

GET /_synapse/admin/v1/rooms/<room_id>/context/<event_id>
+

This API mimmicks GET /_matrix/client/r0/rooms/{roomId}/context/{eventId}. Please refer to the link for all details on parameters and reseponse.

Example response:

{
+  "end": "t29-57_2_0_2",
+  "events_after": [
+    {
+      "content": {
+        "body": "This is an example text message",
+        "msgtype": "m.text",
+        "format": "org.matrix.custom.html",
+        "formatted_body": "<b>This is an example text message</b>"
+      },
+      "type": "m.room.message",
+      "event_id": "$143273582443PhrSn:example.org",
+      "room_id": "!636q39766251:example.com",
+      "sender": "@example:example.org",
+      "origin_server_ts": 1432735824653,
+      "unsigned": {
+        "age": 1234
+      }
+    }
+  ],
+  "event": {
+    "content": {
+      "body": "filename.jpg",
+      "info": {
+        "h": 398,
+        "w": 394,
+        "mimetype": "image/jpeg",
+        "size": 31037
+      },
+      "url": "mxc://example.org/JWEIFJgwEIhweiWJE",
+      "msgtype": "m.image"
+    },
+    "type": "m.room.message",
+    "event_id": "$f3h4d129462ha:example.com",
+    "room_id": "!636q39766251:example.com",
+    "sender": "@example:example.org",
+    "origin_server_ts": 1432735824653,
+    "unsigned": {
+      "age": 1234
+    }
+  },
+  "events_before": [
+    {
+      "content": {
+        "body": "something-important.doc",
+        "filename": "something-important.doc",
+        "info": {
+          "mimetype": "application/msword",
+          "size": 46144
+        },
+        "msgtype": "m.file",
+        "url": "mxc://example.org/FHyPlCeYUSFFxlgbQYZmoEoe"
+      },
+      "type": "m.room.message",
+      "event_id": "$143273582443PhrSn:example.org",
+      "room_id": "!636q39766251:example.com",
+      "sender": "@example:example.org",
+      "origin_server_ts": 1432735824653,
+      "unsigned": {
+        "age": 1234
+      }
+    }
+  ],
+  "start": "t27-54_2_0_2",
+  "state": [
+    {
+      "content": {
+        "creator": "@example:example.org",
+        "room_version": "1",
+        "m.federate": true,
+        "predecessor": {
+          "event_id": "$something:example.org",
+          "room_id": "!oldroom:example.org"
+        }
+      },
+      "type": "m.room.create",
+      "event_id": "$143273582443PhrSn:example.org",
+      "room_id": "!636q39766251:example.com",
+      "sender": "@example:example.org",
+      "origin_server_ts": 1432735824653,
+      "unsigned": {
+        "age": 1234
+      },
+      "state_key": ""
+    },
+    {
+      "content": {
+        "membership": "join",
+        "avatar_url": "mxc://example.org/SEsfnsuifSDFSSEF",
+        "displayname": "Alice Margatroid"
+      },
+      "type": "m.room.member",
+      "event_id": "$143273582443PhrSn:example.org",
+      "room_id": "!636q39766251:example.com",
+      "sender": "@example:example.org",
+      "origin_server_ts": 1432735824653,
+      "unsigned": {
+        "age": 1234
+      },
+      "state_key": "@alice:example.org"
+    }
+  ]
+}
+

+ +

User Admin API

Query User Account

This API returns information about a specific user account.

The api is:

GET /_synapse/admin/v2/users/<user_id>
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

It returns a JSON body like the following:

{
+    "name": "@user:example.com",
+    "displayname": "User", // can be null if not set
+    "threepids": [
+        {
+            "medium": "email",
+            "address": "<user_mail_1>",
+            "added_at": 1586458409743,
+            "validated_at": 1586458409743
+        },
+        {
+            "medium": "email",
+            "address": "<user_mail_2>",
+            "added_at": 1586458409743,
+            "validated_at": 1586458409743
+        }
+    ],
+    "avatar_url": "<avatar_url>",  // can be null if not set
+    "is_guest": 0,
+    "admin": 0,
+    "deactivated": 0,
+    "shadow_banned": 0,
+    "creation_ts": 1560432506,
+    "appservice_id": null,
+    "consent_server_notice_sent": null,
+    "consent_version": null,
+    "external_ids": [
+        {
+            "auth_provider": "<provider1>",
+            "external_id": "<user_id_provider_1>"
+        },
+        {
+            "auth_provider": "<provider2>",
+            "external_id": "<user_id_provider_2>"
+        }
+    ],
+    "user_type": null
+}
+

URL parameters:

user_id: fully-qualified user id: for example, @user:server.com.

Create or modify Account

This API allows an administrator to create or modify a user account with a +specific user_id.

This api is:

PUT /_synapse/admin/v2/users/<user_id>
+

with a body of:

{
+    "password": "user_password",
+    "displayname": "User",
+    "threepids": [
+        {
+            "medium": "email",
+            "address": "<user_mail_1>"
+        },
+        {
+            "medium": "email",
+            "address": "<user_mail_2>"
+        }
+    ],
+    "external_ids": [
+        {
+            "auth_provider": "<provider1>",
+            "external_id": "<user_id_provider_1>"
+        },
+        {
+            "auth_provider": "<provider2>",
+            "external_id": "<user_id_provider_2>"
+        }
+    ],
+    "avatar_url": "<avatar_url>",
+    "admin": false,
+    "deactivated": false,
+    "user_type": null
+}
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

Returns HTTP status code:

201 - When a new user object was created.
200 - When a user was modified.

URL parameters:

user_id: fully-qualified user id: for example, @user:server.com.

Body parameters:

password - string, optional. If provided, the user's password is updated and all +devices are logged out.
displayname - string, optional, defaults to the value of user_id.
threepids - array, optional, allows setting the third-party IDs (email, msisdn) +
- medium - string. Kind of third-party ID, either email or msisdn.
- address - string. Value of third-party ID. +belonging to a user.
+
external_ids - array, optional. Allow setting the identifier of the external identity +provider for SSO (Single sign-on). Details in +Sample Configuration File +section sso and oidc_providers. +
- auth_provider - string. ID of the external identity provider. Value of idp_id +in homeserver configuration.
- external_id - string, user ID in the external identity provider.
+
avatar_url - string, optional, must be a +MXC URI.
admin - bool, optional, defaults to false.
deactivated - bool, optional. If unspecified, deactivation state will be left +unchanged on existing accounts and set to false for new accounts. +A user cannot be erased by deactivating with this API. For details on +deactivating users see Deactivate Account.
user_type - string or null, optional. If provided, the user type will be +adjusted. If null given, the user type will be cleared. Other +allowed options are: bot and support.

If the user already exists then optional parameters default to the current value.

In order to re-activate an account deactivated must be set to false. If +users do not login via single-sign-on, a new password must be provided.

List Accounts

This API returns all local user accounts. +By default, the response is ordered by ascending user ID.

GET /_synapse/admin/v2/users?from=0&limit=10&guests=false
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

A response body like the following is returned:

{
+    "users": [
+        {
+            "name": "<user_id1>",
+            "is_guest": 0,
+            "admin": 0,
+            "user_type": null,
+            "deactivated": 0,
+            "shadow_banned": 0,
+            "displayname": "<User One>",
+            "avatar_url": null,
+            "creation_ts": 1560432668000
+        }, {
+            "name": "<user_id2>",
+            "is_guest": 0,
+            "admin": 1,
+            "user_type": null,
+            "deactivated": 0,
+            "shadow_banned": 0,
+            "displayname": "<User Two>",
+            "avatar_url": "<avatar_url>",
+            "creation_ts": 1561550621000
+        }
+    ],
+    "next_token": "100",
+    "total": 200
+}
+

To paginate, check for next_token and if present, call the endpoint again +with from set to the value of next_token. This will return a new page.

If the endpoint does not return a next_token then there are no more users +to paginate through.

Parameters

The following parameters should be set in the URL:

+
user_id - Is optional and filters to only return users with user IDs +that contain this value. This parameter is ignored when using the name parameter.
+
+
name - Is optional and filters to only return users with user ID localparts +or displaynames that contain this value.
+
+
guests - string representing a bool - Is optional and if false will exclude guest users. +Defaults to true to include guest users.
+
+
deactivated - string representing a bool - Is optional and if true will include deactivated users. +Defaults to false to exclude deactivated users.
+
+
limit - string representing a positive integer - Is optional but is used for pagination, +denoting the maximum number of items to return in this call. Defaults to 100.
+
+
from - string representing a positive integer - Is optional but used for pagination, +denoting the offset in the returned results. This should be treated as an opaque value and +not explicitly set to anything other than the return value of next_token from a previous call. +Defaults to 0.
+
+
order_by - The method by which to sort the returned list of users. +If the ordered field has duplicates, the second order is always by ascending name, +which guarantees a stable ordering. Valid values are:
+
- name - Users are ordered alphabetically by name. This is the default.
- is_guest - Users are ordered by is_guest status.
- admin - Users are ordered by admin status.
- user_type - Users are ordered alphabetically by user_type.
- deactivated - Users are ordered by deactivated status.
- shadow_banned - Users are ordered by shadow_banned status.
- displayname - Users are ordered alphabetically by displayname.
- avatar_url - Users are ordered alphabetically by avatar URL.
- creation_ts - Users are ordered by when the users was created in ms.
+
+
dir - Direction of media order. Either f for forwards or b for backwards. +Setting this value to b will reverse the above sort order. Defaults to f.
+

Caution. The database only has indexes on the columns name and creation_ts. +This means that if a different sort order is used (is_guest, admin, +user_type, deactivated, shadow_banned, avatar_url or displayname), +this can cause a large load on the database, especially for large environments.

Response

The following fields are returned in the JSON response body:

+
users - An array of objects, each containing information about an user. +User objects contain the following fields:
+
- name - string - Fully-qualified user ID (ex. @user:server.com).
- is_guest - bool - Status if that user is a guest account.
- admin - bool - Status if that user is a server administrator.
- user_type - string - Type of the user. Normal users are type None. +This allows user type specific behaviour. There are also types support and bot.
- deactivated - bool - Status if that user has been marked as deactivated.
- shadow_banned - bool - Status if that user has been marked as shadow banned.
- displayname - string - The user's display name if they have set one.
- avatar_url - string - The user's avatar URL if they have set one.
- creation_ts - integer - The user's creation timestamp in ms.
+
+
next_token: string representing a positive integer - Indication for pagination. See above.
+
+
total - integer - Total number of media.
+

Query current sessions for a user

This API returns information about the active sessions for a specific user.

The endpoints are:

GET /_synapse/admin/v1/whois/<user_id>
+

and:

GET /_matrix/client/r0/admin/whois/<userId>
+

Deactivate Account

This API deactivates an account. It removes active access tokens, resets the +password, and deletes third-party IDs (to prevent the user requesting a +password reset).

It can also mark the user as GDPR-erased. This means messages sent by the +user will still be visible by anyone that was in the room when these messages +were sent, but hidden from users joining the room afterwards.

The api is:

POST /_synapse/admin/v1/deactivate/<user_id>
+

with a body of:

{
+    "erase": true
+}
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

The erase parameter is optional and defaults to false. +An empty body may be passed for backwards compatibility.

The following actions are performed when deactivating an user:

Try to unpind 3PIDs from the identity server
Remove all 3PIDs from the homeserver
Delete all devices and E2EE keys
Delete all access tokens
Delete all pushers
Delete the password hash
Removal from all rooms the user is a member of
Remove the user from the user directory
Reject all pending invites
Remove all account validity information related to the user

The following additional actions are performed during deactivation if erase +is set to true:

Remove the user's display name
Remove the user's avatar URL
Mark the user as erased

The following actions are NOT performed. The list may be incomplete.

Remove mappings of SSO IDs
Delete media uploaded by user (included avatar images)
Delete sent and received messages
Delete E2E cross-signing keys
Remove the user's creation (registration) timestamp
Remove rate limit overrides
Remove from monthly active users

Reset password

Changes the password of another user. This will automatically log the user out of all their devices.

The api is:

POST /_synapse/admin/v1/reset_password/<user_id>
+

with a body of:

{
+   "new_password": "<secret>",
+   "logout_devices": true
+}
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

The parameter new_password is required. +The parameter logout_devices is optional and defaults to true.

Get whether a user is a server administrator or not

The api is:

GET /_synapse/admin/v1/users/<user_id>/admin
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

A response body like the following is returned:

{
+    "admin": true
+}
+

Change whether a user is a server administrator or not

Note that you cannot demote yourself.

The api is:

PUT /_synapse/admin/v1/users/<user_id>/admin
+

with a body of:

{
+    "admin": true
+}
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

List room memberships of a user

Gets a list of all room_id that a specific user_id is member.

The API is:

GET /_synapse/admin/v1/users/<user_id>/joined_rooms
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

A response body like the following is returned:

    {
+        "joined_rooms": [
+            "!DuGcnbhHGaSZQoNQR:matrix.org",
+            "!ZtSaPCawyWtxfWiIy:matrix.org"
+        ],
+        "total": 2
+    }
+

The server returns the list of rooms of which the user and the server +are member. If the user is local, all the rooms of which the user is +member are returned.

Parameters

The following parameters should be set in the URL:

user_id - fully qualified: for example, @user:server.com.

Response

The following fields are returned in the JSON response body:

joined_rooms - An array of room_id.
total - Number of rooms.

Account Data

Gets information about account data for a specific user_id.

The API is:

GET /_synapse/admin/v1/users/<user_id>/accountdata
+

A response body like the following is returned:

{
+    "account_data": {
+        "global": {
+            "m.secret_storage.key.LmIGHTg5W": {
+                "algorithm": "m.secret_storage.v1.aes-hmac-sha2",
+                "iv": "fwjNZatxg==",
+                "mac": "eWh9kNnLWZUNOgnc="
+            },
+            "im.vector.hide_profile": {
+                "hide_profile": true
+            },
+            "org.matrix.preview_urls": {
+                "disable": false
+            },
+            "im.vector.riot.breadcrumb_rooms": {
+                "rooms": [
+                    "!LxcBDAsDUVAfJDEo:matrix.org",
+                    "!MAhRxqasbItjOqxu:matrix.org"
+                ]
+            },
+            "m.accepted_terms": {
+                "accepted": [
+                    "https://example.org/somewhere/privacy-1.2-en.html",
+                    "https://example.org/somewhere/terms-2.0-en.html"
+                ]
+            },
+            "im.vector.setting.breadcrumbs": {
+                "recent_rooms": [
+                    "!MAhRxqasbItqxuEt:matrix.org",
+                    "!ZtSaPCawyWtxiImy:matrix.org"
+                ]
+            }
+        },
+        "rooms": {
+            "!GUdfZSHUJibpiVqHYd:matrix.org": {
+                "m.fully_read": {
+                    "event_id": "$156334540fYIhZ:matrix.org"
+                }
+            },
+            "!tOZwOOiqwCYQkLhV:matrix.org": {
+                "m.fully_read": {
+                    "event_id": "$xjsIyp4_NaVl2yPvIZs_k1Jl8tsC_Sp23wjqXPno"
+                }
+            }
+        }
+    }
+}
+

Parameters

The following parameters should be set in the URL:

user_id - fully qualified: for example, @user:server.com.

Response

The following fields are returned in the JSON response body:

account_data - A map containing the account data for the user +
- global - A map containing the global account data for the user
- rooms - A map containing the account data per room for the user
+

User media

List media uploaded by a user

Gets a list of all local media that a specific user_id has created. +By default, the response is ordered by descending creation date and ascending media ID. +The newest media is on top. You can change the order with parameters +order_by and dir.

The API is:

GET /_synapse/admin/v1/users/<user_id>/media
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

A response body like the following is returned:

{
+  "media": [
+    {
+      "created_ts": 100400,
+      "last_access_ts": null,
+      "media_id": "qXhyRzulkwLsNHTbpHreuEgo",
+      "media_length": 67,
+      "media_type": "image/png",
+      "quarantined_by": null,
+      "safe_from_quarantine": false,
+      "upload_name": "test1.png"
+    },
+    {
+      "created_ts": 200400,
+      "last_access_ts": null,
+      "media_id": "FHfiSnzoINDatrXHQIXBtahw",
+      "media_length": 67,
+      "media_type": "image/png",
+      "quarantined_by": null,
+      "safe_from_quarantine": false,
+      "upload_name": "test2.png"
+    }
+  ],
+  "next_token": 3,
+  "total": 2
+}
+

To paginate, check for next_token and if present, call the endpoint again +with from set to the value of next_token. This will return a new page.

If the endpoint does not return a next_token then there are no more +reports to paginate through.

Parameters

The following parameters should be set in the URL:

+
user_id - string - fully qualified: for example, @user:server.com.
+
+
limit: string representing a positive integer - Is optional but is used for pagination, +denoting the maximum number of items to return in this call. Defaults to 100.
+
+
from: string representing a positive integer - Is optional but used for pagination, +denoting the offset in the returned results. This should be treated as an opaque value and +not explicitly set to anything other than the return value of next_token from a previous call. +Defaults to 0.
+
+
order_by - The method by which to sort the returned list of media. +If the ordered field has duplicates, the second order is always by ascending media_id, +which guarantees a stable ordering. Valid values are:
+
- media_id - Media are ordered alphabetically by media_id.
- upload_name - Media are ordered alphabetically by name the media was uploaded with.
- created_ts - Media are ordered by when the content was uploaded in ms. +Smallest to largest. This is the default.
- last_access_ts - Media are ordered by when the content was last accessed in ms. +Smallest to largest.
- media_length - Media are ordered by length of the media in bytes. +Smallest to largest.
- media_type - Media are ordered alphabetically by MIME-type.
- quarantined_by - Media are ordered alphabetically by the user ID that +initiated the quarantine request for this media.
- safe_from_quarantine - Media are ordered by the status if this media is safe +from quarantining.
+
+
dir - Direction of media order. Either f for forwards or b for backwards. +Setting this value to b will reverse the above sort order. Defaults to f.
+

If neither order_by nor dir is set, the default order is newest media on top +(corresponds to order_by = created_ts and dir = b).

Caution. The database only has indexes on the columns media_id, +user_id and created_ts. This means that if a different sort order is used +(upload_name, last_access_ts, media_length, media_type, +quarantined_by or safe_from_quarantine), this can cause a large load on the +database, especially for large environments.

Response

The following fields are returned in the JSON response body:

media - An array of objects, each containing information about a media. +Media objects contain the following fields: +
- created_ts - integer - Timestamp when the content was uploaded in ms.
- last_access_ts - integer - Timestamp when the content was last accessed in ms.
- media_id - string - The id used to refer to the media.
- media_length - integer - Length of the media in bytes.
- media_type - string - The MIME-type of the media.
- quarantined_by - string - The user ID that initiated the quarantine request +for this media.
- safe_from_quarantine - bool - Status if this media is safe from quarantining.
- upload_name - string - The name the media was uploaded with.
+
next_token: integer - Indication for pagination. See above.
total - integer - Total number of media.

Delete media uploaded by a user

This API deletes the local media from the disk of your own server +that a specific user_id has created. This includes any local thumbnails.

This API will not affect media that has been uploaded to external +media repositories (e.g https://github.com/turt2live/matrix-media-repo/).

By default, the API deletes media ordered by descending creation date and ascending media ID. +The newest media is deleted first. You can change the order with parameters +order_by and dir. If no limit is set the API deletes 100 files per request.

The API is:

DELETE /_synapse/admin/v1/users/<user_id>/media
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

A response body like the following is returned:

{
+  "deleted_media": [
+    "abcdefghijklmnopqrstuvwx"
+  ],
+  "total": 1
+}
+

The following fields are returned in the JSON response body:

deleted_media: an array of strings - List of deleted media_id
total: integer - Total number of deleted media_id

Note: There is no next_token. This is not useful for deleting media, because +after deleting media the remaining media have a new order.

Parameters

This API has the same parameters as +List media uploaded by a user. +With the parameters you can for example limit the number of files to delete at once or +delete largest/smallest or newest/oldest files first.

+ +

Get an access token that can be used to authenticate as that user. Useful for +when admins wish to do actions on behalf of a user.

The API is:

POST /_synapse/admin/v1/users/<user_id>/login
+{}
+

An optional valid_until_ms field can be specified in the request body as an +integer timestamp that specifies when the token should expire. By default tokens +do not expire.

A response body like the following is returned:

{
+    "access_token": "<opaque_access_token_string>"
+}
+

This API does not generate a new device for the user, and so will not appear +their /devices list, and in general the target user should not be able to +tell they have been logged in as.

To expire the token call the standard /logout API with the token.

Note: The token will expire if the admin user calls /logout/all from any +of their devices, but the token will not expire if the target user does the +same.

User devices

List all devices

Gets information about all devices for a specific user_id.

The API is:

GET /_synapse/admin/v2/users/<user_id>/devices
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

A response body like the following is returned:

{
+  "devices": [
+    {
+      "device_id": "QBUAZIFURK",
+      "display_name": "android",
+      "last_seen_ip": "1.2.3.4",
+      "last_seen_ts": 1474491775024,
+      "user_id": "<user_id>"
+    },
+    {
+      "device_id": "AUIECTSRND",
+      "display_name": "ios",
+      "last_seen_ip": "1.2.3.5",
+      "last_seen_ts": 1474491775025,
+      "user_id": "<user_id>"
+    }
+  ],
+  "total": 2
+}
+

Parameters

The following parameters should be set in the URL:

user_id - fully qualified: for example, @user:server.com.

Response

The following fields are returned in the JSON response body:

+
devices - An array of objects, each containing information about a device. +Device objects contain the following fields:
+
- device_id - Identifier of device.
- display_name - Display name set by the user for this device. +Absent if no name has been set.
- last_seen_ip - The IP address where this device was last seen. +(May be a few minutes out of date, for efficiency reasons).
- last_seen_ts - The timestamp (in milliseconds since the unix epoch) when this +devices was last seen. (May be a few minutes out of date, for efficiency reasons).
- user_id - Owner of device.
+
+
total - Total number of user's devices.
+

Delete multiple devices

Deletes the given devices for a specific user_id, and invalidates +any access token associated with them.

The API is:

POST /_synapse/admin/v2/users/<user_id>/delete_devices
+
+{
+  "devices": [
+    "QBUAZIFURK",
+    "AUIECTSRND"
+  ],
+}
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

An empty JSON dict is returned.

Parameters

The following parameters should be set in the URL:

user_id - fully qualified: for example, @user:server.com.

The following fields are required in the JSON request body:

devices - The list of device IDs to delete.

Show a device

Gets information on a single device, by device_id for a specific user_id.

The API is:

GET /_synapse/admin/v2/users/<user_id>/devices/<device_id>
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

A response body like the following is returned:

{
+  "device_id": "<device_id>",
+  "display_name": "android",
+  "last_seen_ip": "1.2.3.4",
+  "last_seen_ts": 1474491775024,
+  "user_id": "<user_id>"
+}
+

Parameters

The following parameters should be set in the URL:

user_id - fully qualified: for example, @user:server.com.
device_id - The device to retrieve.

Response

The following fields are returned in the JSON response body:

device_id - Identifier of device.
display_name - Display name set by the user for this device. +Absent if no name has been set.
last_seen_ip - The IP address where this device was last seen. +(May be a few minutes out of date, for efficiency reasons).
last_seen_ts - The timestamp (in milliseconds since the unix epoch) when this +devices was last seen. (May be a few minutes out of date, for efficiency reasons).
user_id - Owner of device.

Update a device

Updates the metadata on the given device_id for a specific user_id.

The API is:

PUT /_synapse/admin/v2/users/<user_id>/devices/<device_id>
+
+{
+  "display_name": "My other phone"
+}
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

An empty JSON dict is returned.

Parameters

The following parameters should be set in the URL:

user_id - fully qualified: for example, @user:server.com.
device_id - The device to update.

The following fields are required in the JSON request body:

display_name - The new display name for this device. If not given, +the display name is unchanged.

Delete a device

Deletes the given device_id for a specific user_id, +and invalidates any access token associated with it.

The API is:

DELETE /_synapse/admin/v2/users/<user_id>/devices/<device_id>
+
+{}
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

An empty JSON dict is returned.

Parameters

The following parameters should be set in the URL:

user_id - fully qualified: for example, @user:server.com.
device_id - The device to delete.

List all pushers

Gets information about all pushers for a specific user_id.

The API is:

GET /_synapse/admin/v1/users/<user_id>/pushers
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

A response body like the following is returned:

{
+  "pushers": [
+    {
+      "app_display_name":"HTTP Push Notifications",
+      "app_id":"m.http",
+      "data": {
+        "url":"example.com"
+      },
+      "device_display_name":"pushy push",
+      "kind":"http",
+      "lang":"None",
+      "profile_tag":"",
+      "pushkey":"a@example.com"
+    }
+  ],
+  "total": 1
+}
+

Parameters

The following parameters should be set in the URL:

user_id - fully qualified: for example, @user:server.com.

Response

The following fields are returned in the JSON response body:

+
pushers - An array containing the current pushers for the user
+
- +
  app_display_name - string - A string that will allow the user to identify +what application owns this pusher.
  +
- +
  app_id - string - This is a reverse-DNS style identifier for the application. +Max length, 64 chars.
  +
- +
  data - A dictionary of information for the pusher implementation itself.
  +
  - +
    url - string - Required if kind is http. The URL to use to send +notifications to.
    +
  - +
    format - string - The format to use when sending notifications to the +Push Gateway.
    +
  +
- +
  device_display_name - string - A string that will allow the user to identify +what device owns this pusher.
  +
- +
  profile_tag - string - This string determines which set of device specific rules +this pusher executes.
  +
- +
  kind - string - The kind of pusher. "http" is a pusher that sends HTTP pokes.
  +
- +
  lang - string - The preferred language for receiving notifications +(e.g. 'en' or 'en-US')
  +
- +
  profile_tag - string - This string determines which set of device specific rules +this pusher executes.
  +
- +
  pushkey - string - This is a unique identifier for this pusher. +Max length, 512 bytes.
  +
+
+
total - integer - Number of pushers.
+

See also the +Client-Server API Spec on pushers.

Controlling whether a user is shadow-banned

Shadow-banning is a useful tool for moderating malicious or egregiously abusive users. +A shadow-banned users receives successful responses to their client-server API requests, +but the events are not propagated into rooms. This can be an effective tool as it +(hopefully) takes longer for the user to realise they are being moderated before +pivoting to another account.

Shadow-banning a user should be used as a tool of last resort and may lead to confusing +or broken behaviour for the client. A shadow-banned user will not receive any +notification and it is generally more appropriate to ban or kick abusive users. +A shadow-banned user will be unable to contact anyone on the server.

To shadow-ban a user the API is:

POST /_synapse/admin/v1/users/<user_id>/shadow_ban
+

To un-shadow-ban a user the API is:

DELETE /_synapse/admin/v1/users/<user_id>/shadow_ban
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

An empty JSON dict is returned in both cases.

Parameters

The following parameters should be set in the URL:

user_id - The fully qualified MXID: for example, @user:server.com. The user must +be local.

Override ratelimiting for users

This API allows to override or disable ratelimiting for a specific user. +There are specific APIs to set, get and delete a ratelimit.

Get status of ratelimit

The API is:

GET /_synapse/admin/v1/users/<user_id>/override_ratelimit
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

A response body like the following is returned:

{
+  "messages_per_second": 0,
+  "burst_count": 0
+}
+

Parameters

The following parameters should be set in the URL:

user_id - The fully qualified MXID: for example, @user:server.com. The user must +be local.

Response

The following fields are returned in the JSON response body:

messages_per_second - integer - The number of actions that can +be performed in a second. 0 mean that ratelimiting is disabled for this user.
burst_count - integer - How many actions that can be performed before +being limited.

If no custom ratelimit is set, an empty JSON dict is returned.

{}
+

Set ratelimit

The API is:

POST /_synapse/admin/v1/users/<user_id>/override_ratelimit
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

A response body like the following is returned:

{
+  "messages_per_second": 0,
+  "burst_count": 0
+}
+

Parameters

The following parameters should be set in the URL:

user_id - The fully qualified MXID: for example, @user:server.com. The user must +be local.

Body parameters:

messages_per_second - positive integer, optional. The number of actions that can +be performed in a second. Defaults to 0.
burst_count - positive integer, optional. How many actions that can be performed +before being limited. Defaults to 0.

To disable users' ratelimit set both values to 0.

Response

The following fields are returned in the JSON response body:

messages_per_second - integer - The number of actions that can +be performed in a second.
burst_count - integer - How many actions that can be performed before +being limited.

Delete ratelimit

The API is:

DELETE /_synapse/admin/v1/users/<user_id>/override_ratelimit
+

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

An empty JSON dict is returned.

{}
+

Parameters

The following parameters should be set in the URL:

user_id - The fully qualified MXID: for example, @user:server.com. The user must +be local.

Check username availability

Checks to see if a username is available, and valid, for the server. See the client-server +API +for more information.

This endpoint will work even if registration is disabled on the server, unlike +/_matrix/client/r0/register/available.

The API is:

GET /_synapse/admin/v1/username_available?username=$localpart
+

The request and response format is the same as the /_matrix/client/r0/register/available API.

To use it, you will need to authenticate by providing an access_token for a +server admin: Admin API

+ +